“Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops, it is also available as a software update for previously shipped recent Librem laptops.” says Todd Weaver, Founder & CEO of Purism.

The Management Engine (ME), part of Intel AMT, is a separate CPU that can run and control a computer even when powered off. The ME has been the bane of the security market since 2008 on all Intel based CPUs, with publicly released exploits against it, is now disabled by default on all Purism Librem laptops.

Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery.

“Purism Librem laptops were already the most secure current Intel based computers available on the market today, but disabling the management engine solidifies that statement clearly.” says Zlatan Todoric, CTO of Purism.

The Librem 13 and Librem 15 products can be purchased today and will arrive with the Management Engine disabled by default, and it can be verified to be disabled with the source code released to confirm the disablement is accurate. Showing “ME: FW Partition Table : BAD; ME: Bringup Loader Failure : YES”

“Purism, in the long-term pursuit of liberating hardware at the lowest levels, still has more work to do. Removing the management engine entirely is the next step beyond just disabling it. Coreboot also includes another binary, the Intel FSP, a less worrisome but still important binary to liberate, incorporating a free vBIOS is another step Purism plans to take. The road to a completely free system on current Intel CPUs is not over, but the largest step of disabling the Management Engine is arguably the largest milestone to cross.” says Youness Alaoui, Hardware Enablement Developer at Purism.

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience.
With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops, tablets and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Starting today, our second generation of laptops (based on the 6th gen Intel Skylake platform) will now come with the Intel Management Engine neutralized and disabled by default. Users who already received their orders can also update their flash to disable the ME on their machines.

In this post, I will dig deeper and explain in more details what this means exactly, and why it wasn’t done before today for the laptops that were shipping this spring and summer.

The life and times of the ME

Think of the ME as having 4 possible states:

Fully operational ME: the ME is running normally like it does on other manufacturers’ machines (note that this could be a consumer or corporate ME image, which vary widely in the features they ‘provide’)

Neutralized ME: the ME is neutralized/neutered by removing the most “mission-critical” components from it, such as the kernel and network stack.

Disabled ME: the ME is officially “disabled” and is known to be completely stopped and non-functional

Removed ME: the ME is completely removed and doesn’t execute anything at any time, at all.

In my previous blog post about taming the ME, we discussed how we neutralize the ME (note that this was on the first generation, Broadwell-based Purism laptops back then), but we’ve taken things one step further today by not only neutralizing the ME but also by disabling it. The difference between the two might not be immediately visible to some of you, so I’ll clarify below.

A neutralized ME is a ME image which had most of its code removed.

The way the ME firmware is packaged on the flash, is in the form of multiple modules, and each module has a specific task, such as : Hardware initialization, Firmware updates, Kernel, Network stack, Audio/Video processing, HECI communication over PCI, Java virtual machine, etc. When the ME is neutralized using the me_cleaner tool, most of the modules will be removed. As we’ve seen on Broadwell, that meant almost 93% of the code is removed and only 7% remains (that proportion is different on Skylake, see further below).

A neutralized ME means that the ME firmware will encounter an error during its regular boot cycle; It will not find some of its critical modules and it will throw an error and somehow fail to proceed. However, the ME remains operational, it just can’t do anything “valuable”. While it’s unable to communicate with the main CPU through the HECI commands, the PCI interface to the ME processor is still active and lets us poke at the status of the ME for example, which lets us see which error caused it to stop functioning.

When the ME is disabled using the “HAP” method (thanks to the Positive Technologies for discovering this trick), however, it doesn’t throw an error “because it can’t load a module”: it actually stops itself in a graceful manner, by design.

The two approaches are similar in that they both stop the execution of the ME during the hardware initialization (BUP) phase, but with the ME disabled through the HAP method, the ME stops on its own, without putting up a fight, potentially disabling things that the forceful “me_cleaner” approach, with the “unexpected error” state, wouldn’t have disabled. The PCI interface for example, is entirely unable to communicate with the ME processor, and the status of the ME is not even retrievable.

So the big, visible difference for us, between a neutralized and a disabled ME, is that the neutralized ME might appear “normal” when coreboot accesses its status, or it might show that it has terminated due to an error, while a disabled ME simply doesn’t give us a status at all—so coreboot will even think that the ME partition is corrupted. Another advantage, is that, from my understanding of the Positive Technologies’s research, a disabled ME stops its execution before a neutralized ME does, so there is at least a little bit of extra code that doesn’t get executed when the ME is disabled, compared to a neutralized ME.

Kill it with fire! Then dump it into a volcano.

In our case, we went with an ME that is both neutered and disabled. By doing so, we provide maximum security; even if the disablement of the ME isn’t functioning properly, the ME would still fail to load its mission-critical modules and will therefore be safe from any potential exploits or backdoors (unless one is found in the very early boot process of the ME).

I want to talk about the neutralizing of the Skylake ME then follow up on how the ME was disabled. However, I first want you to understand the differences between the ME on Broadwell systems (ME version 10.x) and the ME on Skylake systems (ME version 11.0.x).

The Intel Management Engine can be seen as two things; first, the isolated processor core that run the Management Engine is considered “The ME”, and second, the firmware that runs on the ME Core is also considered as being “the ME”. I often used the two terms interchangeably, but to avoid confusion, I will from now on (try to) refer to them, respectively, as the ME Core and the ME Firmware, but note that if I simply say the ME, then I am probably referring to the ME Firmware.

The ME Firmware 10.x was used on Broadwell systems which had an ARC core, while the ME Firmware 11.0.x used on Skylake systems uses an x86 core. What this means is that the architecture used by the ME core is completely different (kind of like how PowerPC and Intel macs used a different architecture, or how most mobile devices use an ARM architecture, the Broadwell ME Core used an ARC architecture). This means that the difference between the 10.x and 11.0.x ME firmwares is major, and the cores themselves are also very different. It’s a bit like comparing arabic to korean!

As the format of the ME firmware changed significantly, it took a while to figure out how to decompress the modules and understand how to remove the modules without breaking anything else. Nicola Corna, the author of the me_cleaner tool, recently was able to add support for Skylake machines by removing all the non essential modules.

In my last ME-related post, I gave everyone a rundown of the modules that were in the ME 10.x firmware and which ones were remaining after it was neutered, so, for Skylake, here is the list of modules in a regular ME 11.0.x firmware:

The total ME size dropped from 2.5MB to 360KB, which means that 14.42% of the code remains, while 85.58% of the code was neutralized with me_cleaner.

The reason the neutering on Skylake-based systems removed less code than on Broadwell-based systems is because of the code in the ME’s read-only memory (ROM). What this “ROM” means is that a small part of the ME firmware is actually burned in the silicon of the ME Core. The ROM content is the first code executed, loaded internally from the ROM, by the ME core, and it has the simple task of reading the ME firmware from the flash, verifying its signature, making sure it hasn’t been tampered with, loading it in the ME Core’s memory and executing it.

On Broadwell, there is about 128KB of code burned in the ME Core’s ROM. That 128KB of code contains the bootloader as well as some system APIs that the other modules can use.

On Skylake, the ROM code was decreased to 17KB, leaving only the basic bootloader, and moving the system APIs to a module of their own inside the ME firmware.

This means that the total amount of code remaining, including the ROM is 360+17KB out of 2524+17KB = 377/2541 = 14.84% for Skylake, while on Broadwell, it’s 120 + 128KB out of 1624+128KB = 248/1752 = 14.15% of code remaining. The difference is much smaller now when we account for the code hidden in the ROM of the processor.

The problem with the code in the ROM is that it cannot be removed because it’s inside of the processor itself and, well, it’s Read-Only Memory—it cannot be overwritten in any way, by definition. On the bright side, it is nice to see that most of the code that was previously in the ROM has now been moved to the flash in Skylake systems.

The ME firmware itself has multiple “partitions”, each containing something that the ME firmware needs. Some of those partitions will contain code modules, some will contain configuration files, and some will contain “other data” (I don’t really know what). Either way, the ME firmware contains about a dozen different partitions, each for a specific purpose, and two of those partitions contain the majority of the code modules.

Schrödinger’s Wi-Fi

I’ll now explain what has been done to get to this point in the project. When I was done with the coreboot port to the new Skylake machines, I tried to neutralize the ME, thinking it would be a breeze, since me_cleaner claimed support for Skylake. Unfortunately, it wasn’t working as it should and I spent the entire hacking day at the coreboot conference trying to fix it.

The problem is that once the ME was neutralized with me_cleaner, the Wi-Fi module on the Librem was unpredictable: it sometimes would work and sometimes wouldn’t, which was confusing. I eventually realized that if I reboot after replacing the ME, the wifi would keep the same state as it was in before:

if I neutralized the ME and reboot, it would still work, but after powering off the machine and turning it on, the wifi would stop working;

if I restored a full ME (instead of a neutralized one) and rebooted, the wifi would remain dead;

…but if I power off the machine and turn it back on, the wifi would finally be restored.

I figured that it has something to do with how the PCI-Express card is initialized, and I spent quite some time trying to “enable it” from coreboot with a neutralized ME. I’ll spare you the details but I eventually realized that I couldn’t get it to work because the PCIe device completely ignored all my commands and would simply refuse to power up. It turns out that the ME controls the ICC (Integrated Clock Controller) so without it, it would simply not enable the clock for the PCIe device, so the wifi card wouldn’t work and there is nothing you can do about it because only the ME has control over the ICC registers. I tried to test a handful of different ME firmware versions, but surprisingly, the wifi module never worked on any of those images, even when the ME was not neutralized. Obviously, it meant that the ME firmware was not properly configured, so I used the Intel FIT tool (which is used to configure ME images, allowing us to set things like PCIe lanes, and which clocks to enable, and all of that). Unfortunately, even when an image was configured the exact same way as the original ME image we had, the wifi would still not work, and I couldn’t figure out why.

I shelved the problem to concentrate on the release of coreboot and eventually on the SATA issues we were experiencing. The decision was made to release the Librem 13 v2 and Librem 15 v3 with a regular ME until more work was done on that front, because we couldn’t hold back shipments any longer (and because we can provide updates after shipment). Also note that at that time, the support for Skylake in me_cleaner was very rough—it was removing only half of the ME code because the format of the new ME 11.x firmware wasn’t fully known yet.

A few weeks later, I saw the release of unME11 from Positive Technologies and a week later, Nicola Corna pushed more complete support for Skylake in a testing branch of me_cleaner. I immediatly jumped on it and tested it on our machines. Unfortunately, the wifi issue was still there. I decided to debug the cause by figuring out what me_cleaner does that could be affecting the ME firmware that way.

As I mentioned earlier in this post, the ME firmware is made up of a dozen of partitions, some of those containing code modules, and me_cleaner will remove all the partitions except one, in which it will remove most of the modules and leave only the critical modules needed for the startup of the system. Therefore, I started progressively whitelisting more modules so me_cleaner wouldn’t remove them, and testing if it affected the wifi module. This was annoying to test because I’d have to change me_cleaner, neutralize the ME firmware, then copy the image from my main PC to the Librem then flash the new image, poweroff, then restart the machine, and if the Wifi wasn’t working, which was 99% of the time, I had to copy the files through a USB drive. I eventually restored all of the modules and it was still not working, which made me suspect the cause might be in one of the other partitions, so I gradually added one partition at a time, until the Wifi suddenly worked. I had just added the “MFS” partition, so I started removing the other partitions again one at a time, but keeping the “MFS” partition, and the Wifi was still working. I eventually removed all of the code modules (apart from the critical ones) but keeping the MFS partition, and the wifi was still working. So I had found my fix: I just need to keep the “MFS” partition in the image and the wifi would work.

So many firmwares, so little time

So, what is this mysterious “MFS” partition? There’s not a lot of information about it anywhere online, other than one forum or mailing list user mentioning the MFS partition as “ME File System”. I decided to use a comparative approach.

The fun thing when comparing ME firmware images: not only are there multiple versions (ex: 10.x vs 11.x), for each single ME version there are multiple “flavors” of it, such as “Consumer” or “Corporate”, and there are also multiple flavors for “mobile” and “desktop”.

When I extracted and compared all the partitions of all the variants and flavors, the only difference between a mobile and a desktop image is in the MFS partition, as every other partition shares the same hash between two flavors of the same version.

I then compared the various partitions between a configured and a non configured ME firmware, and noticed that what the Intel FIT tool does when you change the system’s configuration is to simply write that configuration inside of the MFS partition.

This means that the MFS partition, which doesn’t contain any code modules, is used for storage of configuration files used by the ME firmware. This is somewhat confirmed by the fact that the MFS partition is marked as containing data.

After modifying me_cleaner to add support for the Librem, which allows us to neutralize the ME while keeping the Wifi module working, I discussed with Nicola Corna how to best integrate the feature into me_cleaner. We came to the conclusion that having a new option to allow users to select which partitions to keep would be a better method, so I sent a pull request that adds such a feature.

Unfortunately, while the wifi module was working with this change, I also had an adverse side-effect when adding the MFS partition back into the ME firmware: my machine would refuse to power off, for example, and would have trouble rebooting.

The exact behavior is that if I power off the machine, Linux would do the entire power off sequence then stop, and I would have to manually force shutdown the Librem by holding the power button for 5 seconds. As for the rebooting issue, instead of actually rebooting when Linux finishes its poweroff sequence, the system will be frozen for a few seconds before suddenly shutting itself down forcibly, then turning itself back on 5 seconds later, on its own. This isn’t the most critical of issues, but it would be very annoying to users, and unfortunately, I couldn’t find the cause of this strange behavior. All I knew was that if I remove the MFS partition, coreboot says the ME partition is corrupted, and the wifi module doesn’t work, and if I keep the MFS partition, coreboot says the ME partition is valid, the wifi module works, but the poweroff/reboot issues automatically appear.

The solution for these issues turned out to be unexpectedly simple. After another of our developers said he was ready to live with the poweroff/reboot issues, and I sent him a neutralized ME for his system, I was told that his machine was working fine with no side-effects at all. I didn’t know what the difference between his machine and mine was, other than the fact that my machine is a prototype and his was a “production” machine. I then tested my neutralized ME on the “production” Librem 13 unit I had on hand, and I didn’t have any side effects of the neutralizing of the ME firmware. I then updated my coreboot build script to add the neutralization option and asked users on our forums to test it, and every one who tested the neutralized ME reported back success with no side-effects. I then realized the problem is probably only caused by the prototype machine that I was using. Well, I can live with that.

Disabling the ME

The next step for me was to start reverse-engineering the ME firmware, like I had done before. This is of course a very long and arduous process that took a while and for which I don’t really have much progress to show. One thing I wanted to reverse-engineer was the MFS file system format so I could see which configuration files are within it and to start eliminating as much from it as possible. I started from the beginning however, by reverse engineering the entry point in the ROM. I will spare you much of the detail and the troubles in trying to understand some of the instructions, and mostly some of the memory accesses. The important thing to know is that before I got too far along, Positive Technologies announced the discovery of a way to disable the Intel ME, and I needed to test it.

Unfortunately, enabling the HAP bit which disables the ME Core, didn’t work on the Librem: it was causing the power LED to blink very slowly, and nothing I could do would stop it until I removed the battery. I first thought the machine was stuck in a boot loop, but it was just blinking really slowly. I figured out eventually that the reason was that the “HAP” bit was not added in version 11.0.0, but rather in version 11.0.x (where x > 0). I decided to try a newer ME firmware version and the HAP bit did work on that, which confirmed that the ME disablement was a feature added to the ME after the version the Librem came with (11.0.0.1180). So now I have a newer ME (version 11.0.18.1002) that is disabled thanks to the HAP bit, but… no Wi-Fi again.

I decided to retry using the FIT tool to configure the ME with the exact same settings as the old ME firmware. I went through every setting available to make sure it matches, and when I tried booting it again, the ME Core was disabled and the Wifi module was working. Great Success!

Obviously, I then needed to do plenty of testing, make sure it’s all working as it should, confirm that the ME Core was disabled, test the behavior of the system with a ME firmware both disabled and neutralized, and that it has no side effects other than what we wanted.

My previous coreboot build script was using the ME image from the local machine, but unfortunately, I can’t do that now for disabling the ME since it’s not supported on the ME image that most people have on their machines. So I updated my coreboot build script to make it download the new ME version from a public link (found here), and I used bsdiff to patch the ME image with the proper configuration for the WiFi to work. I made sure to check that the only changes to the ME image is in the MFS partition and is configuration data, so the binary patch does not contain any binary code and we can safely distribute it.

Moving towards the FSP

The next step will be to continue the reverse-engineering efforts, but for now, I’ve put that on hold because Positive Technologies have announced that they found an exploit in the ME Firmware allowing the executing of unsigned code. This exploit will be announced at the BlackHat Europe 2017 conference in December, so we’ll have to wait and see how their exploit works and what we can achieve with it before going further. Also, once Positive Technologies release their information, it might be possible for us to work together and share our knowledge. I am hoping that I can get some information from them on code that they already reverse engineered, so I don’t have to duplicate all of their efforts. I’d also like to mention that, just as last time, Igor Skochinsky has generously shared his research with us, but also getting data from Positive Technologies would be a tremendous help, considering how much work they have already invested on this.

Right now, I have decided to move my focus to investigating the FSP, which is another important binary that needs to be reverse-engineered and removed from coreboot. I don’t think that anyone is currently actively working on it, so hopefully, I can achieve something without duplicating someone else’s work, and we can advance the cause much faster this way. I think I will concentrate first on the PCH initialization code, then move to the memory initialization.

Purism Partners with Nextcloud to Build and Include End-to-End Encrypted Storage Products and Services

SAN FRANCISCO, Calif., October 18, 2017 – Purism, maker of security-focused computing devices, is partnering with Nextcloud for a series of products and services. Nextcloud, author of a popular open-source self hosted, privacy-focused file sync and share solution, is looking to expand and become a default on Purism’s mobile and desktop computing products.

“Having Nextcloud applications built into the Librem 5, as well as default within PureOS, will help people have a convenient, ethical encrypted file storage service alongside other easy-to-use defaults” says Todd Weaver, Founder and CEO of Purism.

“Partnering with Purism gets our software directly into the hands of customers, making their lives easier with security and privacy protection built-in” says Jos Poortvliet, Co-founder and Head of Marketing at Nextcloud.

Purism plans to include Nextcloud in the Librem 5 phone, as well as within PureOS for its Librem 13 and Librem 15 laptops. Additionally, Purism will be discussing with Nextcloud about a future Purism NAS that runs completely free software including Nextcloud and services.

“Nextcloud follows our strict beliefs in digital rights for people, and this partnership is a clear win for users by merging convenience and ethics together into simple products” adds Weaver.

About Nextcloud

Nextcloud offers the industry-leading fully open source solution for on-premise data handling and communication with an uncompromising focus on security and privacy and unprecedented scalability. Nextcloud brings together universal access to data with next-generation secure communication and collaboration capabilities under direct control of IT and integrated with existing compliant infrastructure. Nextcloud’s open, modular architecture, emphasis on security and advanced federation capabilities enable modern enterprises to leverage their existing assets within and across the borders of their organization.

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience.
With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops, tablets and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

SAN FRANCISCO, Calif., October 13, 2017 — Purism, maker of security focused hardware and software, today announced a collaboration with Monero, the only secure decentralized currency that is private by default. Purism recently started accepting Monero for payments in its online store, and this is a continuation of the company’s support for the cryptocurrency.

As more central services like Equifax are hacked, exposing vulnerable user data in unprecedented ways that cause permanent damage to people’s privacy, it has become clear that centralized, individually identifiable, historic, and permanent digital footprints create a serious threat to digital privacy and human rights. Purism, on the heels of its successful smartphone crowdfunding campaign which has raised more than $1.5 million, is looking to address this threat by incorporating cryptocurrencies by default into its mobile phone design, beginning with Monero.

“We must proactively plan for and address digital rights issues in the here and now, because by the time we face them in the future the damage will be irreversible,” said Todd Weaver, Founder & CEO of Purism. “Collaboration with Monero allows us to offer users a much lower barrier to entry for leveraging the benefits of a cryptocurrency, and our aim is to make it incredibly simple to use your Librem 5 smartphone to make secure, cash-like payments that safeguard your private information.”

Monero’s cryptocurrency offers a fungible, decentralized, private currency that is created to be identical to centuries of physical world transaction processes, primarily that cash given for goods or services is a one-time, non-recorded, mutual transaction.

“Collaborating with Purism addresses a major pain point for Monero. The Librem 5 makes it easy for the average user to use Monero for real world transactions on a mobile platform. In addition, the Librem 5, by using Free Libre Open Source Software provides the user with the opportunity to verify to a very high level its end point security, privacy and decentralization. This is in sharp contrast to many mobile platforms where the user has to trust a proprietary implementation. I am very excited to see the Librem 5 planning to have Monero support by default,” Francisco Cabañas, Core Team Member, The Monero Project.

“Creating a future where a person can buy or sell digital goods or services and still respect their privacy, similarly to cash but on the Internet, is a long-time dream that we plan to make a reality,” says Weaver.

Integrating Monero into Purism’s Librem 5 smartphone as part of its default mobile payment system can solve the problems plaguing the online transaction space, removing banks from the transaction, removing all central storage of private user data, keeping transactions private between two parties, all backed by the strength of an immutable cryptographic blockchain ledger.

About Monero

The Monero Project is a grassroots, community-driven initiative that advocates for privacy on a global scale by producing several free libre open source software projects, with the flagship offering being Monero, a fungible and decentralized cryptocurrency. The important guiding philosophies of Monero are security (ensuring that users are able to trust Monero with their transactions, without risk of error or attack), privacy (ensuring that users can transact Monero without fear of coercion, censorship, or surveillance), and decentralization (ensuring that no single person or group can control the network or reverse transactions). The goal is to provide a level of fungibility and privacy that is analogous to that of cash for the digital world.

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience.
With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops, tablets and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

SAN FRANCISCO, Calif., October 9, 2017 — Purism, the social purpose corporation which designs and produces popular privacy conscious hardware and software, has reached its $1.5 million crowdfunding goal to create the world’s first encrypted, open smartphone ecosystem that gives users complete device control, the Librem 5. After amassing incredible support from GNU/Linux enthusiasts and the Free/Open-Source community at large, forging partnerships with KDE and the GNOME Foundation in the process, Purism plans to use the remaining two weeks of the campaign to push for its stretch goals and start working on the next steps for bringing the phone to market.

Reaching the $1.5 million milestone weeks ahead of schedule enables Purism to accelerate the production of the physical product. The company plans to move into hardware production as soon as possible to assemble a developer kit as well as initiate building the base software platform, which will be publicly available and open to the developer community.

Breaking away from the iOS/Android OS duopoly, the Librem 5’s isolation-based security-focused PureOS will offer basic communication services: phone, email, messaging, voice, camera, browsing, and will expand after shipment and over time to update with more free software applications, through shared collaboration with the developer community (not “read-only open source”, but true free software collaboration). In addition to the ability to integrate with both GNOME and Plasma Mobile, the $599 Librem 5 will come equipped with hardware kill switches, a popular feature in Purism’s laptops, that allow for users to turn on and off the camera, microphone, WiFi and Bluetooth at will.

“We are thrilled that the community has supported us in making this goal a reality, and now comes the real work of bringing the Librem 5 to production and into the hands of our backers,” says Todd Weaver, Founder and CEO, Purism. “We believe we’ve demonstrated a growing interest in technologies that proactively protect and secure our digital identities, and are proud to be a part of catalyzing this movement.”

The impressive milestone has already generated celebration in the community:

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience.
With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops, tablets and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

On Thursday, we have revealed our plans to build the world’s first encrypted, free/libre and open platform smartphone that will empower users to protect their digital identity in an increasingly unsafe mobile world. This naturally comes after having announced the general availability and inventory of our Librem 13 and Librem 15 laptops in June this year. Our newest line of laptops are undergoing shipping after a short delay related to finishing our coreboot porting work (look forward to our technical update on this subject, to be published this Tuesday).

In preparation for the phone project, in addition to our regular work we have spent 18 months of R&D to test hardware specifications and engage with one of the largest phone fabricators, and have now reached the point where we are launching the crowdfunding campaign to gauge demand for the initial fabrication order and add the features most important to users.

Enabling the next generation of cable-cutters, we are making the Librem 5 the first ever Matrix-powered smartphone, natively using end-to-end encrypted decentralized communication in its dialer and messaging app. We will also offer regular baseband functionality separated off from the CPU, and work towards the goal of freeing all components.

As increasing concern among Android and iOS users grow around personal data they give up through WiFi connections, application installations and basic location services, we hope to address those concerns by manufacturing phones that will operate with free/libre and open source software within the kernel, the operating system, and all software applications. We have built our reputation within the GNU/Linux community on creating laptops designed to specifically meet user concern about digital privacy, security, and software freedom.

Starting at $599—less than the cost of many popular smartphones—and featuring a bona fide GNU/Linux operating system (PureOS) instead of Android or iOS, the Librem 5 is intended to give users unprecedented control and security with features unavailable on any other mainstream smartphone, including:

Make encrypted calls that mask your phone number

Encrypt texts and emails

Set up VPN services for enhanced web browsing protection

Use the phone on any 2G/3G/4G, GSM, UMTS, or LTE network

Edit or develop on the source code, which will be made publicly available, as a community-oriented FLOSS project (not “read-only open-source”)

Run PureOS or most modern GNU+Linux distributions—not yet another Android-based phone!

SAN FRANCISCO, Calif., August 24, 2017 — Purism, the social purpose corporation which designs and produces popular privacy conscious hardware and software, has revealed its plans to build the world’s first encrypted, open platform smartphone that will empower users to protect their digital identity in an increasingly unsafe mobile world. After 18 months of R&D to test hardware specifications and engage with one of the largest phone fabricators, Purism is opening a self-hosted crowdfunding campaign to gauge demand for the initial fabrication order and add the features most important to users.

The plans to build the Librem 5 smartphone come on the tails of Purism opening general availability and inventory for its increasingly popular Librem laptop line in June 2017, which includes the Librem 13 and Librem 15 laptop models and has seen 35 percent average monthly growth in the past year.

Partnering with open source communications project Matrix, Purism is making the Librem 5 the first ever Matrix-powered smartphone, natively using end-to-end encrypted decentralized communication in its dialer and messaging app. Matrix is an open ecosystem for interoperable encrypted communication, supporting a rapidly growing community of over 2 million users for VoIP and Slack-style messaging.

As increasing concern among Android and iOS users grow around personal data they give up through WiFi connections, application installations and basic location services, Purism hopes to address those concerns by manufacturing phones that will operate with free/libre and open source software within the kernel, the operating system, and all software applications. Purism has built a strong reputation within the GNU/Linux community by delivering laptops designed to specifically meet user concern about digital privacy, chip-by-chip, line-by-line, to respect our common rights to privacy, security, and freedom.

Starting at $599—less than the cost of many popular smartphones—the Librem 5 will give users unprecedented control and security with features unavailable on any other mainstream smartphone, including:

Make encrypted calls that mask your phone number

Encrypt texts and emails

Set up VPN services for enhanced web browsing protection

Use the phone on any 2G/3G/4G, GSM, UMTS, or LTE network

Edit or develop on the source code, which will be made publicly available

“I believe digital rights should mirror physical rights. Our Librem 5 phone will get humanity closer to that goal by giving people choices about how they want to protect or share their digital identity,” said Todd Weaver, founder & CEO at Purism.

“Purism has been doing genuine and important work around making truly free yet desirable laptops. The communities I work with would very much like to see the same philosophy replicated in a phone that runs a GNOME based stack where community members can participate in equal terms and that ensures respect for the users’ privacy and security,” said Alberto Ruiz, GNOME & Fedora Laptop Enablement. “While pulling this off is hard, Todd seems like someone who sincerely cares about these issues and has a great track record executing. I think the efforts of Purism deserve the support of the free software community.”

A veteran of successful crowdfunding campaigns with more than $2.5 million raised over the past two years, Purism is self-hosting the Librem 5 crowdfunding effort on their web site. Users can back the project here: https://puri.sm/shop/librem-5

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience.
With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops, tablets and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Continuing on our previous post on this topic, another EFI/UEFI BIOS exploit theoretically known–and even proven to work by Trammel hudson some years ago–that resurfaced through the Vault 7 documents, is the EFI/UEFI exploit that can write to NVRAM or persistent storage. This means that this exploit cannot be detected from hard drive inspection, and can survive through a complete OS reinstall if you’re using EFI/UEFI (which is not a problem for Purism users running coreboot).

The CIA documents describe it best:

“These variables present interesting opportunities for our tools since they will survive a OS reinstall and are invisible to a forensic image of the hard drive. What’s also interesting is that there is no way to enumerate NVRAM variables from the OS… you have to know the exact GUID and name of the variable to even determine that it exists.” — the CIA, as leaked through the Vault 7 Persistent Storage Document

This line also summarizes intent for the exploit:

“This might be a good place to put either implants or encryption keys. If every implant deployment used a different GUID/name pair, it would make the variables a bit more difficult to discover.” — the CIA, from the Vault 7 Persistent Storage Document

This continues to reinforce that our philosophy and beliefs are the only way to have long-term products that respects users’ digital rights.

We’re continuing with a second report (many more coming!) on the “Vault 7” Documents we started digesting recently. There is an extensive section dedicated to EFI/UEFI exploitations. While this threat has been known from a theoretical standpoint from the moment the non-free BIOS replacement–EFI/UEFI–came into existence, the Vault 7 documents published recently now confirm that these threats are real and these weaknesses are actively being exploited.

One interesting read we’re focusing on today is the EFI/UEFI “ExitBootServices Hooking” exploit and sample copy-and-paste code to inject a hook into the last execute state of the EFI/UEFI process (the “ExitBootServices”).

Copy-and-paste code was included in the leaks which allow for the exploitation of UEFI-based boot systems by altering the operating system’s kernel which is loaded into memory before exiting the UEFI boot sequence. The copy-and-paste code allows for an attacker to insert a custom hook which can be used to arbitrarily alter the operating system’s kernel in memory immediately before execution control is handed to the kernel. — Wikipedia’s summary.

It is trivial to utilize this exploit:

Because the ExitBootServices service can be found by getting its pointer from the global EFI_BOOT_SERVICES table, hooking the ExitBootServices call is trivial. […] When you’re running in UEFI, that EFI_BOOT_SERVICES table isn’t protected by anything, so you can just write directly to it. — Vault 7 ExitBootServices Hooking

The result is that the entire system is compromised. As the page highlights, “At this point, you can do whatever you want.”

This type of exploit once-again highlights that security is a game of depth. This exploit is one level below the kernel, which means it has complete control of every level above it, such as the kernel, the entire operating system, any and all applications, network traffic, web application usage, and all user interaction.

The good news is, Purism recently completed the port of coreboot to the Librem 13 v1 (with more ports to come for the rest of our devices), providing a free/libre and open source replacement for EFI/UEFI which avoids all of the exploits mentioned within the documents.

The only long-term approach to protect oneself is to have complete control of the device. Control is the key word, and there is no other way to have complete control than to have as much of the software released under free software licenses where the source code is available to confirm it operates in your best interest and not that of criminals, spies, bad hackers, nations, or thieves.

Confirming that EFI/UEFI has a known and trivial exploit that is built into the standard also confirms that there is no depth too deep to exploit, and the only defense against unwanted stripping of a users’ digital rights is to use hardware and software that you control. Purism does just that by releasing all software under a free software license where the source code is available to be audited, reviewed, and scrutinized making a user control their device not the device controlling the user.